Question

Duration of blocked user

0

Hi there, Currently when a User has had 3 unsuccessful login attempts they are blocked for a certain short amount of time (+/- 5 minutes) before being able to login again. I'd like to know is there a way that we can adjust this duration before a user is allowed to login again?

asked 2015-09-23

Shenaaz Mohamed

2 answers

Nikel Kruizinga · Answer 1 · 2015-09-23

I don't think you can. If you would want to do this, you would have to implement your own logic for blocking functionality.

This can be done with a before commit event on the user entity (or your own specialization). There you can check if failedloginattempts > 0, if that's the case, perform all your own logic, and at the end reset this counter to 0.

You would then keep track of the number of failed attempts yourself, and instead of using the locked attribute, implement your own and make sure you set the user to active=false.

It takes some work but it makes everything much more flexible. Number of attempts can be set as well as your own logic for when and how to unlock can be implemented.

Andrej Koelewijn · Answer 2 · 2015-09-23

Depends how you are deploying your application. There is a custom setting that influences this: ClusterManagerActionInterval. Whenever the cluster manager runs it will unblock blocked users. I don't think you can change this setting when running in the cloud though.